Data Processing Agreement (DPA)

This Agreement governs the processing of personal data by the Processor on behalf of the Controller for delivery of Envolve’s chatbot services.

The Controller determines the purpose and means of processing. The Processor processes data solely on the basis of documented instructions from the Controller.

Processing includes collection, transmission, storage, and analysis of chatbot interaction data for service delivery, performance measurement, and system improvement.

Data may include conversation text, timestamps, and optional personal data voluntarily provided by users. Sensitive data is not required and should not be submitted.

The Processor may use approved sub-processors (for example, infrastructure or hosting providers). The Controller will be notified of material changes to the list of sub-processors where required.

The Processor implements appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, taking into account the nature of the processing and the risks to data subjects.

The Processor shall, where feasible and taking into account the nature of the processing, assist the Controller in responding to requests from data subjects to exercise their rights under applicable data protection laws.

The Processor shall notify the Controller without undue delay upon becoming aware of any personal data breach affecting personal data processed on behalf of the Controller and shall provide reasonable assistance in relation to any investigations or notifications required.

Upon termination or expiry of the services, the Processor will delete or return personal data processed on behalf of the Controller, unless applicable law requires the retention of such data.

Any transfers of personal data outside the UK carried out by the Processor shall comply with UK GDPR requirements and shall be subject to appropriate safeguards, such as standard contractual clauses or other approved transfer mechanisms.

This Agreement and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of England & Wales.